We have multiple remote sites and are looking at options for upgrading
servers.  One proposal is to install a server at select sites and let all
other sites connect remotely to the single server for file sharing.  My
question is about authentication, will logons at sites without AD DCs
authenticate over the WAN and if they do what would be the cons to doing it
this way?  We are on a frame relay network with all sites running at least a
T1 256K connection.

When you talk about sites I'm assuming your are referring to geographical
and not Active Directory.

All AD clients will attempt to authenticate to the DC's within their AD site
by requesting services for their from DNS.  They will then attempt to
authenticate to the DC's in their site.  If they don't get a response they
will then go out side of their site and logon to a seperate site from their
own.

As far as the placement of dc's  you have to look at what is at the site and
the available bandwidth.
     If the link to the site is slow or near capacity -or- there are large
numbers of users then you should place a dc in this remote site
     If the link to the site is unreliable -or- only intemittently available
then you should place a dc in this remote site

     If the site has only a small number of users and they are only using
the directory for authenication then you probably don't need a dc
     If a site has only client computers (No servers) and you lose the link
and don't have a dc the users can use cached credentials

If I remember right the number of users for a slow link to require a dc is
25.

Show quoteHide quote

How to Use CSVDE.exe without exporting the "DN"
GC not responding
restrict access to AD:USER properties for a particular set of user
password policy
Logon problems
Lots of Event ID 566
logon to domain while dc is colsed
ADAM replication with firewall
Change Active Directory Information
Exporting AD Objects by creation date